Hi,

I walked through ext2 code, and found one potential NULL dereference in ext2/xattr.c. The version is 2.6.35-rc4, while earlier versions have the same problem.

If you configure EXT2_XATTR_DEBUG, you'll get:

# define ea_idebug(inode, f...) do { \
		printk(KERN_DEBUG "inode %s:%ld: ", \
			inode->i_sb->s_id, inode->i_ino); \
		printk(f); \
		printk("\n"); \
	} while (0)

In ext2/xattr.c ext2_xattr_get, the NULL pointer check is done after the ea_idebug call, so some may hit a NULL dereference here.

ext2_xattr_get(struct inode *inode, int name_index, const char *name,
	       void *buffer, size_t buffer_size)
{
	struct buffer_head *bh = NULL;
	struct ext2_xattr_entry *entry;
	size_t name_len, size;
	char *end;
	int error;

	ea_idebug(inode, "name=%d.%s, buffer=%p, buffer_size=%ld",
		  name_index, name, buffer, (long)buffer_size);

	if (name == NULL)
		return -EINVAL;

Following is my patch. Please check it. The patch is against kernel 2.6.35-rc4.

>From adc1fa6535034db3b6d8deebda6ec7eaa8bfd2f8 Mon Sep 17 00:00:00 2001
From: Wang Sheng-Hui <crosslonelyover@xxxxxxxxx>
Date: Sat, 10 Jul 2010 16:05:53 +0800
Subject: [PATCH] avoid NULL deference in ext2_xattr_get

Signed-off-by: Wang Sheng-Hui <crosslonelyover@xxxxxxxxx>
---
 fs/ext2/xattr.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
index 7c39157..81ec1c6 100644
--- a/fs/ext2/xattr.c
+++ b/fs/ext2/xattr.c
@@ -156,11 +156,12 @@ ext2_xattr_get(struct inode *inode, int name_index, const char *name, char *end; int error; + if (name == NULL) + return -EINVAL; + ea_idebug(inode, "name=%d.%s, buffer=%p, buffer_size=%ld", name_index, name, buffer, (long)buffer_size); - if (name == NULL) - return -EINVAL; down_read(&EXT2_I(inode)->xattr_sem); error = -ENODATA; if (!EXT2_I(inode)->i_file_acl) -- 1.6.3.3 -- Thanks and Best Regards, shenghui
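Review bot: the reorder in the hunk is sound, since the name == NULL check now precedes the ea_idebug call that hands name to a %s conversion, but the subject line "avoid NULL deference in ext2_xattr_get" has a typo and lacks the usual subsystem prefix; suggest "ext2: avoid NULL dereference in ext2_xattr_get". The commit body should also state that the only behavioural change is under EXT2_XATTR_DEBUG: with the debug macro compiled out, the moved check and the original ordering are equivalent, and the check itself (return -EINVAL on a NULL name) is unchanged.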